Pre-Auth Takeover of Build Pipelines in GoCD

GoCD contains a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information including build secrets and encryption keys. id: CVE-2021-43287 info: name: Pre-Auth Takeover of Build Pipelines in GoCD author: dhiyaneshDk severity...

EUVD-2021-30233

Malicious code in bioql PyPI...

EUVD-2021-30230

Malicious code in bioql PyPI...

EUVD-2021-30232

Malicious code in bioql PyPI...

CVE-2021-43289

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename...

CVE-2021-43286

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code...

CVE-2021-43288

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report...

Security Bulletin: FileNet Content Manager (FNCM) FileNet Content Search Services (CSS) ThoughtWorks XStream security vulnerabilities, affected, not vulnerable

Summary Security vulnerability in FileNet Content Manager FNCM FileNet Content Search Services CSS ThoughtWorks XStream, affected, not vulnerable. Vulnerability Details CVEID:CVE-2022-41966 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By...

Security Bulletin: FileNet Content Manager (FNCM) FileNet Content Search Services (CSS) ThoughtWorks XStream security vulnerabilities, affected, not vulnerable

Summary Security vulnerability in FileNet Content Manager FNCM FileNet Content Search Services CSS ThoughtWorks XStream, affected, not vulnerable. Vulnerability Details CVEID:CVE-2022-40151 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By...

GoCD Cross-Site Scripting Vulnerability (CNVD-2022-77809)

ThoughtWorks GoCD is a continuous delivery server. versions 20.2.0 through 21.4.0 of ThoughtWorks GoCD contain a cross-site scripting vulnerability that stems from a vulnerability to reflected cross-site scripting via an abusive function that renders arbitrary HTML into the returned page. An...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Thoughtworks Gocd

CVE-2021-43287 POC: pocsuite -r CVE-2021-43287GoCDfiler...

ThoughtWorks GoCD Information Disclosure Vulnerability

ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. An information disclosure vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which could be exploited by an attacker with the right to create a new pipeline on the GoCD server by abusing the Git U...

ThoughtWorks GoCD path traversal vulnerability

ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. A path traversal vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which could be exploited by an attacker compromising the GoCD agent to upload malicious files to any directory on the GoCD serve...

ThoughtWorks GoCD Command Injection Vulnerability

ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. A command injection vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which can be exploited by attackers to cause arbitrary command execution...

ThoughtWorks GoCD Cross-Site Scripting Vulnerability

ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. A cross-site scripting vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which can be exploited by an attacker controlling a GoCD agent to plant malicious JavaScript into a failed job report...

CVE-2021-43288

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report...

CVE-2021-43289

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename...

CVE-2021-43289

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename...

CVE-2021-43288

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report...

CVE-2021-43290

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can't control...